Public | Automated Build

Last pushed: 2 years ago
Short Description
Rekall Memory Forensic Framework
Full Description

Rekall Memory Forensic Framework

This Dockerfile represents a Docker image that encapsulates the Rekall Memory Forensic Framework. To run this image after installing Docker, use a command like this:

sudo docker run --rm -it -v ~/files:/home/nonroot/files remnux/rekall bash

then run "rekall" in the container with the desired parameters.

Before running the command above, create the "files" directory on your host and make it world-accessible (e.g., "chmod a+xwr ~/files").

To use Rekall's web console, invoke the container with the -p parameter to give your host access to the container's TCP port 8000 like this:

sudo docker run --rm -it -p 8000:8000 -v ~/files:/home/nonroot/files remnux/rekall

Then connect to http://localhost:8000 using a web browser from your host.

Docker Pull Command
Source Repository

Comments (1)
10 months ago

When attempting to run the second line for Rekall's web console I get the error "rekall: error: argument worksheet is required". Is it because you have not got the line "pip install rekall-gui" in your Dockerfile?